Changed OO Server certificate but Chrome still shows a warning

  • KM03598744
  • 10-Feb-2020
  • 21-May-2021

Summary

After changing the OO Server certificate in OO and adding a new one, Chrome still shows the warning saying that the connection is not private.

Question

We have changed the OO Server certificate in OO and added a new one following the steps in the following guide:


https://docs.microfocus.com/itom/Operations_Orchestration:2018.12/Administer/Security_Hardening_OO/ServerCertificate


But Chrome still shows the warning saying that the connection is not private.

Answer

The issue is caused by browser security policy: browsers have ended support for Symantec SSL certificates. If you open a website that uses a Symantec SSL certificate, Chrome and Firefox treat it as insecure.


Google Chrome and Mozilla Firefox no longer recognize a Symantec SSL/TLS certificate issued before the 1st of June, 2016.
As such, if the site has a certificate from one of the Symantec providers (Rapid SSL, GeoTrust, VeriSign, Thawte, Equifax) and the certificate hasn't been updated after the 1st of June, 2016, the error will appear.


//////////////// Announcement ////////////////


This is a public announcement from the browsers to every website owner. Browsers have already started the process of ending support for Symantec certificates. A website that still has Symantec SSL Certificate and has not replaced the certificate from April 17 2018.


NET::ERR_CERT_SYMANTEC_LEGACY means that the site is using a legacy Symantec certificate that is no longer supported.

For webmasters (to hide the warning message from the browser in Chrome):


- Click on the HTTPS lock icon.
- Click on the ‘Certificate’ option.
- Open the ‘Details’ tab in the certificate viewer and select the top certificate.
- Click on ‘Export’ and save the certificate to your computer.
- Go to Chrome Settings > Advanced > Manage Certificates > Import.
- Select the saved certificate file and import it.
- Restart the browser.

Customer certificate details:
- Valid From: 16/10/2017.
- Valid Until: 16/10/2020.
- CA: GeoTrust SSL CA - G3 Inc.
- SHA-256 with RSA Encryption.
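
To check which issuer and issuance date a server certificate actually presents, the following added example (not part of the original article or of OO) classifies the output of `openssl x509 -noout -issuer -startdate -enddate` against the brand list and the 1 June 2016 date given above. The brand match is a substring heuristic, the function and label names are assumptions, and the sample input is constructed from the customer certificate details.

```python
from datetime import datetime, timezone

# Brand names the article lists as part of the Symantec PKI (heuristic match).
SYMANTEC_BRANDS = ("symantec", "geotrust", "rapidssl", "rapid ssl",
                   "verisign", "thawte", "equifax")
# Issuance cutoff stated in the article.
CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)

def parse_openssl_fields(text):
    """Parse `openssl x509 -noout -issuer -startdate -enddate` output."""
    fields = {}
    for line in text.splitlines():
        # Split on the first '=' only; the issuer DN contains more of them.
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    missing = {"issuer", "notBefore"} - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return fields

def parse_openssl_date(value):
    """openssl pads single-digit days with two spaces; normalise first."""
    normalised = " ".join(value.split())
    parsed = datetime.strptime(normalised, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)

def classify(text):
    """Return a label (hypothetical names) for one certificate's fields."""
    fields = parse_openssl_fields(text)
    issuer = fields["issuer"].lower()
    if not any(brand in issuer for brand in SYMANTEC_BRANDS):
        return "other-issuer"
    if parse_openssl_date(fields["notBefore"]) < CUTOFF:
        return "symantec-brand-pre-cutoff"
    return "symantec-brand-post-cutoff"

# Constructed sample: issuer and dates follow the customer details above;
# the DN layout and times of day are made up for the example.
SAMPLE_CUSTOMER = """\
issuer=C = US, O = GeoTrust Inc., CN = GeoTrust SSL CA - G3
notBefore=Oct 16 00:00:00 2017 GMT
notAfter=Oct 16 23:59:59 2020 GMT
"""

if __name__ == "__main__":
    print(classify(SAMPLE_CUSTOMER))
```

A `symantec-brand-post-cutoff` result still needs the chain's root checked, because the Google announcement linked below also covers a later phase (Chrome 70) for the remaining certificates issued from the legacy Symantec infrastructure.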

The following link has the announcement made by Google regarding the Symantec certificates, in which GeoTrust appears as one of the CAs affected by this change.
https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html


The following link contains the release notes for Firefox 60, which include the distrust announcement for Symantec-issued certificates:
https://www.mozilla.org/en-US/firefox/60.0/releasenotes/


In summary, this does not affect the security of OO.